winstart.bat is offline - it is currently not available

I attempted to post on a thread called “Questions about Winstart.bat” b/c I have the same problem as him, but I was instructed by Pondus to start a new thread and that he would (thanks) assist me.

The problem is as such: My computer has never in the past had the result show (“C:\WINDOWS\winstart.bat is offline - it is currently not available (42006)”) after an avast full scan before; this is the first time. Avast is my only AV. My computer has been lagging lately and was having some trouble crashing etc. recently. The avast scan did not show any other viruses/issues. I did have to completely remove Avast from my machine and redownload it b/c it was completely not working. So now it’s working but has this mysterious file that it can’t open.
Even after cleaning the registry up, my computer is slow. After that the volume control has stopped working and a few other quirks.

Pondus, you instructed me to follow the Essexboy guide posted on that thread, and I did. Can you tell me if you think it worked? Is my virus or whatever it is gone now?

As you requested, I have attached the scan reports here as described in essexboy’s guide.

I hope my computer’s fixed! :cry: Please let me know what you think. Thank you so much, Leah ;D

It would only allow me to post 5 of the log files, so here are the RK reports attached…

It would only allow me to post 5 of the log files, so here is the FSS report attached…
;D

Pondus, you instructed me to follow the Essexboy guide posted on that thread, and I did. Can you tell me if you think it worked? Is my virus or whatever it is gone now?
That you will find out when essexboy has inspected the logs. ;)

he is notified and will be in here later today…

OBS…also attach AdwCleaner log

Hi, there is a hook on one of your files, but it may just be SPTD; however, I will check that out.

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

THEN

Run OTL and paste the following in the custom scans box, then press run scan

/md5start
winstart.*
/md5stop
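
The /md5start ... /md5stop block above asks for MD5 checksums of files matching winstart.*. As an added example (not part of the original post, and not OTL's own code), the same check can be scripted so that a file that cannot be opened is reported rather than skipped; the function name, the extra SHA-256 and the sample files are assumptions made for the illustration:

```python
import fnmatch
import hashlib
import os
import tempfile


def hash_matches(root, pattern="winstart.*"):
    """Return one record per file under root whose name matches pattern (case-insensitive)."""
    records = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not fnmatch.fnmatch(name.lower(), pattern.lower()):
                continue
            path = os.path.join(dirpath, name)
            rec = {"path": path, "size": None, "md5": None, "sha256": None, "error": None}
            try:
                md5, sha256 = hashlib.md5(), hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        md5.update(chunk)
                        sha256.update(chunk)
                rec.update(size=os.path.getsize(path),
                           md5=md5.hexdigest(), sha256=sha256.hexdigest())
            except OSError as exc:
                # A file that cannot be opened (locked, offline, dangling link) is
                # recorded with the reason, so it still shows up in the report.
                rec["error"] = f"{type(exc).__name__}: {exc.strerror}"
            records.append(rec)
    return records


def demo():
    """Build a constructed directory tree and hash the winstart.* files in it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32"))
        samples = {
            "WinStart.bat": b"",                                   # constructed, zero bytes
            os.path.join("system32", "winstart.exe"): b"constructed sample\n",
            "autoexec.bat": b"@echo off\r\n",                      # must not match
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return hash_matches(root)


if __name__ == "__main__":
    for r in demo():
        print(r["path"], r["size"], r["md5"], r["error"] or "readable")
```

On a real system the root would be the Windows directory; a record with an error and no hash marks a file the script could not open.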

Hi Pondus and Essexboy. Thanks so much for your help! Here’s the logs.

BTW, just thought I should let you know. I just found out that before my most previous post (and after the ones before that), someone in my house went on the computer and ran a Ccleaner and deleted about 50 files (I don’t know if they’re really files or whatever they’re called). I told him to not do that again… arrrg. Anyway, I don’t know if that affected your log reports from previous. Sorry. Leah :slight_smile:

Winstart.bat is a legitimate windows file, however it is rarely used

Did you run TDSSKiller?

Hi. Ever since that file showed up as avast not being able to open it I’ve been having computer trouble, things freezing up, volume buttons won’t work, etc. Sorry, I thought I posted the TDSS log. Here it is now. Leah :wink:

OK, let’s check the drivers out

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Hi. My volume buttons still aren’t working -still have volume, just isn’t showing control indication. Don’t know if any other problems b/c they pop up sporadically and it bothers me that there’s a file that avast can’t open. Just before that, is right when the problems started. Haven’t done an avast scan to see if unopenable file is still there, but still no volume indication. Thanks, Leah

If you could run Combofix I will see what that has to tell me

:wink: Hi. Here’s the combo fix log attached. Thanks!

As Avast is just reporting that the file could not be scanned it is not a problem… I can see no apparent malware. How is the computer behaving?

Hi. Thanks! Ever since the problem started, my volume buttons apparently work, but the indicator that’s supposed to show up on the screen to show level, doesn’t show up anymore. My firefox froze up a couple Xs recently and was OK after force quit and restart ff. Other than that I guess comp seems to be working fine I guess. Avast had never shown that report b4 in the past so it is kinda weird. A few wks ago, I had to completely remove ff & avast from my comp b/c neither of them would work at all and my comp was completely freezing up. When I ran a virus scan it didn’t show a virus, but I did a registry cleaner and Ccleaner and redownloaded ff & avast. Ever since then and having you help me it is running better, but I was obviously concerned. I will talk to others in my household tomorrow & ask them what they think if the comp has been giving them any trouble. I’ll let you know soon, Leah

OK let me know the findings and I will see if we can resolve them

OK, thanks for all your help. Sorry I didn’t write for awhile, I’m doing exams. So everybody says the comp’s running fine now almost. I will do an avast scan next week and see if that file :-\ is still there unopenable. I’ll let you know if we get any trouble over next little while. Thanks again for all your help! Cheers! :slight_smile:

No problem, once you are happy let me know and I will tidy up

Hi. So seems to be working OK. Just ran an avast scan. It says at the end there’s zero viruses, but it says “some files could not be scanned.” Then when you click to look at results it has that win bat thing. So I guess it can’t scan that. But I never had that problem before all of this. I know I told you that before, but now my mute button (and volume buttons) don’t/doesn’t work either, but that might just be temporary or not a big deal, I don’t know, it’s not a big problem I guess. So do you want to just clean it up now? or do you think I have a virus that makes it so the virus software can’t scan and see it? I did notice today that the avast was turned off, and I don’t think I did that! I don’t think anybody else in my house did it either. So, that’s kinda weird. Of course I turned it back on right away! Lemmie know what you think when you get a chance. Kindly, Leah

"some files could not be scanned."
Means just that; they are not a problem. Let me know of any problems after the tidy up

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
[*]Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
[*]In the Run box, type in ComboFix /Uninstall
(Notice the space between the “x” and “/”)
then click OK

http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg

[*]Follow the prompts on the screen
[*]A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave: